Computing system with an email privacy filter and related methods

ABSTRACT

A client computing device includes a display, and a processor coupled to the display. The processor is configured to identify sensitive information within an email. In response to identification of sensitive information within the email, the processor determines that the email is to be hidden from view after receipt of the email based on one or more rules, so as to prevent presentation of the sensitive information to an unauthorized viewer via the display.

RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No.16/165,130 filed Oct. 19, 2018, which is hereby incorporated herein inits entirety by reference.

TECHNICAL FIELD

The present disclosure relates to computing systems, and moreparticularly, to an email privacy filter to be applied to emails havingsensitive information and related methods.

BACKGROUND

Emails accessed on a client computing device are generally displayedwhen selected by a user of the client computing device. If a receivedemail includes sensitive information and is displayed on the clientcomputing device in a public place, then this may allow for leakage ofthe sensitive information to others within viewing distance of theclient computing device.

Another scenario is when a display of the client computing device isshared with others in a meeting. Generally, an email notificationmessage is displayed indicating receipt of a new email, and this emailnotification message would also be shared with others in the meeting. Ifthe new email contains sensitive information, then there may be leakageif the new email notification message includes a portion of thesensitive information. Also, the new email may inadvertently be openedthereby leaking the sensitive information.

SUMMARY

A client computing device includes a display, and a processor coupled tothe display. The processor is configured to identify sensitiveinformation within an email. In response to identification of sensitiveinformation within the email, the processor determines that the email isto be hidden from view after receipt of the email based on one or morerules, so as to prevent presentation of the sensitive information to anunauthorized viewer via the display.

The processor may identify the sensitive information within the email bycomparing contents of the email to a sensitive word database, and theemail is determined to contain sensitive information in response to theemail containing at least one of the sensitive words in the sensitiveword database.

The processor may identify the sensitive information within the email inresponse to the email including a sensitivity tag.

The processor may receive a location of the client computing device, andthe one or more rules may be applied based on the location of the clientcomputing device.

The processor may receive calendar information of scheduled meetings fora user of the client computing device, and the one or more rules may beapplied based on the scheduled meetings.

The client computing device further comprises a display coupled to theprocessor, and the processor may be further configured to generate anotification message for display indicating that the received emailhaving sensitive information is hidden from view.

The client computing device further comprises an input device coupled tothe processor, and the processor may be further configured to displaythe hidden email having sensitive information based on an authorizationcode entered via the input device.

The client computing device further comprises a camera coupled to theprocessor, and the processor may be further configured to execute facialrecognition software and to display the hidden email having sensitiveinformation based on facial recognition of an authorized user of theclient computing device. The client computing device further comprises amicrophone coupled to the processor, and the processor may be furtherconfigured to execute voice recognition software and to display thehidden email having sensitive information based on voice recognition ofan authorized user of the client computing device.

Another aspect is directed to a method for operating the clientcomputing device as described above. The method comprises identifyingsensitive information within an email. In response to identification ofsensitive information within the email, the method further comprisesdetermining that the email is to be hidden from view on a clientcomputing device after receipt of the email based on one or more rules,so as to prevent display of the sensitive information to an unauthorizedviewer.

Yet another aspect is directed to a computing system comprising a serverand a client computing device as described above. The server comprisesrules to be applied to emails containing sensitive information. Theclient computing device is configured to receive the rules from theserver. The client computing device identifies sensitive informationwithin a received email. In response to identification of sensitiveinformation within the email, the client computing device determinesthat the email is to be hidden from view after receipt of the emailbased on the rules, so as to prevent display of the sensitiveinformation to an unauthorized viewer.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a network environment of computing devicesin which various aspects of the disclosure may be implemented.

FIG. 2 is a block diagram of a computing device useful for practicing anembodiment of the client machines or the remote machines illustrated inFIG. 1.

FIG. 3 is a block diagram of a computing system with an email privacyfilter in which various aspects of the disclosure may be implemented.

FIG. 4 is a flowchart illustrating a method for operating the computingsystem with the email privacy filter illustrated in FIG. 3.

FIG. 5 is a flowchart illustrating a method for operating the emailprivacy filter illustrated in FIG. 3.

DETAILED DESCRIPTION

The present description is made with reference to the accompanyingdrawings, in which exemplary embodiments are shown. However, manydifferent embodiments may be used, and thus the description should notbe construed as limited to the particular embodiments set forth herein.Rather, these embodiments are provided so that this disclosure will bethorough and complete. Like numbers refer to like elements throughout.

As will be appreciated by one of skill in the art upon reading thefollowing disclosure, various aspects described herein may be embodiedas a device, a method or a computer program product (e.g., anon-transitory computer-readable medium having computer executableinstruction for performing the noted operations or steps). Accordingly,those aspects may take the form of an entirely hardware embodiment, anentirely software embodiment or an embodiment combining software andhardware aspects.

Furthermore, such aspects may take the form of a computer programproduct stored by one or more computer-readable storage media havingcomputer-readable program code, or instructions, embodied in or on thestorage media. Any suitable computer readable storage media may beutilized, including hard disks, CD-ROMs, optical storage devices,magnetic storage devices, and/or any combination thereof.

Referring initially to FIG. 1, a non-limiting network environment 101 inwhich various aspects of the disclosure may be implemented includes oneor more client machines 102A-102N, one or more remote machines106A-106N, one or more networks 104, 104′, and one or more appliances108 installed within the computing environment 101. The client machines102A-102N communicate with the remote machines 106A-106N via thenetworks 104, 104′.

In some embodiments, the client machines 102A-102N communicate with theremote machines 106A-106N via an intermediary appliance 108. Theillustrated appliance 108 is positioned between the networks 104, 104′and may be referred to as a network interface or gateway. In someembodiments, the appliance 108 may operate as an application deliverycontroller (ADC) to provide clients with access to business applicationsand other data deployed in a datacenter, the cloud, or delivered asSoftware as a Service (SaaS) across a range of client devices, and/orprovide other functionality such as load balancing, etc. In someembodiments, multiple appliances 108 may be used, and the appliance(s)108 may be deployed as part of the network 104 and/or 104′.

The client machines 102A-102N may be generally referred to as clientmachines 102, local machines 102, clients 102, client nodes 102, clientcomputers 102, client devices 102, computing devices 102, endpoints 102,or endpoint nodes 102. The remote machines 106A-106N may be generallyreferred to as servers 106 or a server farm 106. In some embodiments, aclient device 102 may have the capacity to function as both a clientnode seeking access to resources provided by a server 106 and as aserver 106 providing access to hosted resources for other client devices102A-102N. The networks 104, 104′ may be generally referred to as anetwork 104. The networks 104 may be configured in any combination ofwired and wireless networks.

A server 106 may be any server type such as, for example: a file server;an application server; a web server; a proxy server; an appliance; anetwork appliance; a gateway; an application gateway; a gateway server;a virtualization server; a deployment server; a Secure Sockets LayerVirtual Private Network (SSL VPN) server; a firewall; a web server; aserver executing an active directory; or a server executing anapplication acceleration program that provides firewall functionality,application functionality, or load balancing functionality.

A server 106 may execute, operate or otherwise provide an applicationthat may be any one of the following: software; a program; executableinstructions; a virtual machine; a hypervisor; a web browser; aweb-based client; a client-server application; a thin-client computingclient; an ActiveX control; a Java applet; software related to voiceover internet protocol (VoIP) communications like a soft IP telephone;an application for streaming video and/or audio; an application forfacilitating real-time-data communications; a HTTP client; a FTP client;an Oscar client; a Telnet client; or any other set of executableinstructions.

In some embodiments, a server 106 may execute a remote presentationclient or other client or program that uses a thin-client or aremote-display protocol to capture display output generated by anapplication executing on a server 106 and transmits the applicationdisplay output to a client device 102.

In yet other embodiments, a server 106 may execute a virtual machineproviding, to a user of a client device 102, access to a computingenvironment. The client device 102 may be a virtual machine. The virtualmachine may be managed by, for example, a hypervisor, a virtual machinemanager (VMM), or any other hardware virtualization technique within theserver 106.

In some embodiments, the network 104 may be: a local-area network (LAN);a metropolitan area network (MAN); a wide area network (WAN); a primarypublic network 104; and a primary private network 104. Additionalembodiments may include a network 104 of mobile telephone networks thatuse various protocols to communicate among mobile devices. For shortrange communications within a WLAN, the protocols may include 802.11,Bluetooth, and Near Field Communication (NFC).

FIG. 2 depicts a block diagram of a computing device 100 useful forpracticing an embodiment of client devices 102 or servers 106. Thecomputing device 100 includes one or more processors 103, volatilememory 122 (e.g., random access memory (RAM)), non-volatile memory 128,user interface (UI) 123, one or more communications interfaces 118, anda communications bus 150.

The non-volatile memory 128 may include: one or more hard disk drives(HDDs) or other magnetic or optical storage media; one or more solidstate drives (SSDs), such as a flash drive or other solid state storagemedia; one or more hybrid magnetic and solid state drives; and/or one ormore virtual storage volumes, such as a cloud storage, or a combinationof such physical storage volumes and virtual storage volumes or arraysthereof.

The user interface 123 may include a graphical user interface (GUI) 124(e.g., a touchscreen, a display, etc.) and one or more input/output(I/O) devices 126 (e.g., a mouse, a keyboard, a microphone, one or morespeakers, one or more cameras, one or more biometric scanners, one ormore environmental sensors, and one or more accelerometers, etc.).

The non-volatile memory 128 stores an operating system 115, one or moreapplications 116, and data 117 such that, for example, computerinstructions of the operating system 115 and/or the applications 116 areexecuted by processor(s) 103 out of the volatile memory 122. In someembodiments, the volatile memory 122 may include one or more types ofRAM and/or a cache memory that may offer a faster response time than amain memory. Data may be entered using an input device of the GUI 124 orreceived from the I/O device(s) 126. Various elements of the computer100 may communicate via the communications bus 150.

The illustrated computing device 100 is shown merely as an exampleclient device or server, and may be implemented by any computing orprocessing environment with any type of machine or set of machines thatmay have suitable hardware and/or software capable of operating asdescribed herein.

The processor(s) 103 may be implemented by one or more programmableprocessors to execute one or more executable instructions, such as acomputer program, to perform the functions of the system. As usedherein, the term “processor” describes circuitry that performs afunction, an operation, or a sequence of operations. The function,operation, or sequence of operations may be hard coded into thecircuitry or soft coded by way of instructions held in a memory deviceand executed by the circuitry. A processor may perform the function,operation, or sequence of operations using digital values and/or usinganalog signals.

In some embodiments, the processor can be embodied in one or moreapplication specific integrated circuits (ASICs), microprocessors,digital signal processors (DSPs), graphics processing units (GPUs),microcontrollers, field programmable gate arrays (FPGAs), programmablelogic arrays (PLAs), multi-core processors, or general-purpose computerswith associated memory.

The processor may be analog, digital or mixed-signal. In someembodiments, the processor may be one or more physical processors, orone or more virtual (e.g., remotely located or cloud) processors. Aprocessor including multiple processor cores and/or multiple processorsmay provide functionality for parallel, simultaneous execution ofinstructions or for parallel, simultaneous execution of one instructionon more than one piece of data.

The communications interfaces 118 may include one or more interfaces toenable the computing device 100 to access a computer network such as aLocal Area Network (LAN), a Wide Area Network (WAN), a Personal AreaNetwork (PAN), or the Internet through a variety of wired and/orwireless connections, including cellular connections.

In described embodiments, the computing device 100 may execute anapplication on behalf of a user of a client device. For example, thecomputing device 100 may execute one or more virtual machines managed bya hypervisor. Each virtual machine may provide an execution sessionwithin which applications execute on behalf of a user or a clientdevice, such as a hosted desktop session. The computing device 100 mayalso execute a terminal services session to provide a hosted desktopenvironment. The computing device 100 may provide access to a remotecomputing environment including one or more applications, one or moredesktop applications, and one or more desktop sessions in which one ormore applications may execute.

Additional descriptions of a computing device 100 configured as a clientdevice 102 or as a server 106, or as an appliance intermediary to aclient device 102 and a server 106, and operations thereof, may be foundin U.S. Pat. Nos. 9,176,744 and 9,538,345, which are incorporated hereinby reference in their entirety. The '744 and '345 patents are bothassigned to the current assignee of the present disclosure.

Referring to FIG. 3, a computing system 20 with an email privacy filter30 will now be discussed. Emails accessed on a client computing device50 are generally displayed when selected by a user of the clientcomputing device 50. Problems may arise when the displayed emailsinclude sensitive information. Depending on the location of the clientcomputing device 50, this may allow leakage of the sensitive informationto others within viewing distance of the client computing device 50. Aswill be explained in detail below, the email privacy filter 30advantageously prevents display of the sensitive information tounauthorized viewers. Sensitive information, for example, may includepersonal data, salary history, social security numbers, passwords, andwork related information.

The email privacy filter 30 may be on the mail server 40 as illustratedin FIG. 3, or may optionally be located on the client computing device50 as indicated by the email privacy filter 30 marked with dashed lines.In other embodiments, the mail server 40 may be combined with the server60.

The mail server 40 may be an exchange server. The mail server 40includes the email privacy filter 30 when the client computing device isconfigured to access the mail server 40 using a browser or a nativeapplication or any email client application without any built-incapabilities. The client computing device 50 includes the email privacyfilter 30 when the client computing device 50 is configured to accessthe mail server 40 using a secure browser and a virtual private network(vpn), such as Citrix secure mail. In yet other embodiments, the emailprivacy filter 30 may be deployed on a separate server acting like aproxy intercepting the emails.

The email privacy filter 30 filters the received emails based on contentand based on contextual information. Content is directed to thesubstance of the emails, whereas the context is directed to a locationof where the emails are to be viewed. Content of the emails is firstexamined to determine if sensitive information is in the emails. Foremails that include sensitive information, contextual information, suchas device location and calendar information of scheduled meetings, isthen used to determine if the emails are to be hidden from view on theclient computing device 45 so as to prevent display of the sensitiveinformation to unauthorized viewers.

The illustrated computing system 20 includes a mail server 40, a clientcomputing device 50 to receive emails from the mail server 40, an emailprivacy filter 30 that is applied to the received emails, and a server60 that provides email policy rules 62 to the email privacy filter 30.The email policy rules 62 determine how the emails with sensitiveinformation are to be treated based on the contextual informationassociated with the client computing device 50 at the time the email isreceived and accessed by the user for viewing.

The email policy rules 62 are not applied to emails that do not includesensitive information. These emails along with their notificationmessages are displayed without any restrictions.

The client computing device 50 is enrolled with the server 60 and isconfigured to access the mail server 40. The server 60 includes theemail policy rules 62 that are provided to the email privacy filter 30which are applied to emails containing sensitive information. The emailpolicy rules 62 are generally defined and implemented by anadministrator of the server 60.

The server 60 is part of an enterprise access/security system. Theserver 60 may be a unified endpoint management (UEM) server, anenterprise mobility management (EMM) server, or a mobile devicemanagement (MDM) server, for example. Even though only one clientcomputing device 50 is illustrated as being enrolled with the server 60,there is no limit to the number of devices that may be enrolled.

Generally speaking, the EMM or UEM servers may provide a MDM platformfor providing access by the client computing device 50 to sharedapplications. The shared applications may be hosted/managed, Web, andSaaS applications. The EMM platform may include the MDM platform alongwith a secure container to keep enterprise data secure. Also, the EMMplatform may utilize a UEM platform to secure client endpoints such aslaptops, smartphones, tablets, desktop computers, printers and wearablesfrom a single source.

Since the client computing device 50 is enrolled with the server 60,this advantageously allows contextual information of the clientcomputing device 50 to be determined. The contextual information alongwith the email policy rules 62 are then provided to the email privacyfilter 30.

Enrollment of the client computing device 50 with the server 60 allowslocation of the client computing device 50 to be provided to the emailprivacy filter 30. The server 60 is able to query the client computingdevice 50 for its location. The client computing device may provide itsGPS coordinates. In the absence of GPS, the IP address of the clientcomputing device 50 may be used. Also, information obtained from theclient computing device 50 accessing Wi-Fi networks and communicatingwith fixed tracking/positional devices can provide location of theclient computing device 50.

Other contextual information may be determined by the server 60 andprovided to the email privacy filter 30. For example, when the user ofthe client computing device 50 is in a scheduled meeting with otherattendees, the server 60 is able to determine who the other attendeesare based on who all received the meeting invite. The other attendeesmay or may not be cleared to view the sensitive information within theemails. If they are all cleared to view the sensitive information, thenthe email is displayed. If one or more are not cleared to view thesensitive information, then the email is not displayed.

The email privacy filter 30 is to be applied to emails from the mailserver 40 intended for the client computing device 50, with the emailprivacy filter 30 interfacing with the server 60 to receive the emailpolicy rules 62 therefrom. The email privacy filter 30 first determines,for each email, if the email contains sensitive information.

Determination of sensitive information within an email may be based onseveral approaches. One approach is for the email privacy filter 30 tocompare contents of the email to a sensitive word database. A sensitiveword database 54 may be defined by a user of the client computing device50, and a sensitive word database 64 may be defined by an administratorof the server 60. Both of these sensitive word database 54, 64 areprovided to the email privacy filter 30. Sensitive words may be salaryand social security number, for example. Sensitive words may be relatedto a particular program or project that is be kept confidential.

Yet another approach to determine if an email includes sensitiveinformation is to feed the email into a machine learning computer model34. The machine learning computer model 34 may be on the email privacyfilter 30, as illustrated. In other embodiments, the machine learningcomputer model 34 may be on the client computing device, or there may bemultiple machine learning computer models 34.

The machine learning computer model 34 may be created using supervisedlearning (classification) by feeding the data (e.g., emails) preparedusing classification by humans and also using automated processing ofcontent by looking for keywords. The machine learning computer model 34will continue to learn based on the user updating sensitivity tags. Asensitivity tag is an attribute of an email message that can be set byeither a user or the email privacy filter 30. This may be based oncriteria such as the presence of certain keywords found in the emailcontent or by a machine learning algorithm. The sensitivity tags addedas optional attributes to the message may also cached on the clientcomputing device 50 or the server 60.

This supervised learning of the machine learning computer model 34 helpsthe model to learn what is sensitive information within these emails. Asmore emails with sensitive information are examined, then the machinelearning computer model 34 becomes more accurate in determiningsensitive information in emails. A combination of the sensitive worddatabases 54, 64 and the machine learning computer model 34 may be usedby the email privacy filter 30. Consequently, the email privacy filter30 can continuously learn to categorize the mails and determinesensitivity using machine learning and with the user tagging emails asbeing sensitive.

The email privacy filter 30 also includes a map of email IDs 36 foremails that include sensitive information. If a previous email hasalready been identified by the email privacy filter 30 as havingsensitive information is received again by the client computing device50, then this email is identified from the map of email IDs 36 withouthaving to compare the email to the sensitive word databases 54, 64 orbeing applied to the machine learning computer model 34. For example,this may be the case in which a reply is made to an email classified ascontaining sensitive information. Another example is when an email issent to multiple users at once, and the email would be analyzed justonce despite it being sent to multiple users.

Also, if a received email is tagged or flagged as including sensitiveinformation, then the email does not need to be compared to thesensitive word databases 54, 64 or applied to the machine learningcomputer model 34. Any email may be tagged or flagged as being sensitiveby the user. Once the email privacy filter 30 categorizes an email ashaving sensitive information, then the email policy rules 62 areapplied.

The email policy rules 62, in some applications, are applied based oncontextual information of the client computing device 50. As notedabove, the email privacy filter 30 receives a location of the clientcomputing device 50. The email policy rules 62 are applied based on thelocation of the client computing device 50. For example, if the user ofthe client computing device 50 is at the office or at home and receivesan email having sensitive information, then the email is allowed to bedisplayed on the client computing device 50 because these locations havebeen identified in the system as being safe for display of classifiedinformation.

Alternatively, if the user of the client computing device 50 is at acoffee shop or grocery store and receives an email having sensitiveinformation, then the email is to be hidden from view on the clientcomputing device 50 so as to prevent display of the sensitiveinformation to an unauthorized viewer. The locations of the coffee shopor grocery store may be predetermined by the system. Alternatively, thesystem may treat areas outside of known areas (that are permissible forviewing sensitive information) as unknown areas (that are notpermissible for viewing sensitive information, such as locations of thecoffee shop or grocery store).

The client computing device includes a display 56, and is configured togenerate a notification message for display indicating that an emailhaving sensitive information has been received and is hidden from view.As will be explained below, the user may override the email privacyfilter 30 so as to display the email having sensitive information.

The email privacy filter 30 is also configured to receive calendarinformation of scheduled meetings for a user of the client computingdevice 50, and to apply the policy rules 62 based on the scheduledmeetings. If the user of the client computing device 50 receives anemail having sensitive information while attending a scheduled meeting,then the email is to be hidden from view so as to prevent display of thesensitive information to an unauthorized viewer.

However, the server 60 is able to determine who the other attendees arebased on who all received the initial meeting invite. Consequently, ifthe other attendees are permitted to view the email having sensitiveinformation, then the policy rules 62 would allow the email to bedisplayed.

The email privacy filter 30 may be selectively activated anddeactivated. This may be based on input from an administration of theserver 60, and/or from the user of the client computing device 50. Also,the email privacy filter 30 may have adjustable sensitivity levels thatare selected by the administrator and/or the user of the clientcomputing device 50.

When the user of the client computing device 50 receives a notificationmessage indicating that an email having sensitive information has beenreceived and is hidden from view, the user may override the emailprivacy filter 30 so as to display the email having sensitiveinformation. Overriding the email privacy filter 30 may be performed byseveral different approaches.

One approach is based on the client computing device 50 including aninput device 55, and the user enters an authorization code or passwordvia the input device 55. The input device may be a keyboard or apointing device, for example. Another approach is based on the clientcomputing device 50 including a camera 56 and facial recognitionsoftware 57, and the hidden email having sensitive information isdisplayed upon facial recognition of an authorized user of the clientcomputing device 50. Yet another approach is based on the clientcomputing device 50 including a microphone 58 and voice recognitionsoftware 59, and the hidden email having sensitive information isdisplayed upon voice recognition of an authorized user of the clientcomputing device 50.

Referring now to the flowchart 200 in FIG. 4, another aspect of thedisclosure is directed to a method for operating the computing system 20that includes, from the start (Block 202), enrolling a client computingdevice 50 with the server 60 at Block 204, and the client computingdevice 50 accesses emails from the mail server 40 at Block 206. Emailpolicy rules 62 are provided from the server 60 to the email privacyfilter 30 at Block 210. The email privacy filter 30 is applied to emailsfrom the mail server 40 intended for the client computing device 50 atBlock 212. The email privacy filter 30 is used to determine if theemails contains sensitive information at Block 214. If the emailscontains sensitive information, then the email privacy filter 30 is usedto apply the email policy rules to determine if the emails are to behidden from view on the client computing device 50. The method ends atBlock 216.

Referring now to the flowchart 300 in FIG. 5, a method for operating theemail privacy filter 30 includes, from the start (Block 302),determining if the email contains sensitive information at Block 304. Ifthe email contains sensitive information, then the email policy rules 62are applied at Block 306 to determine if the email is to be hidden fromview on the client computing device 50 so as to prevent display of thesensitive information to an unauthorized viewer. The method ends atBlock 308.

Another aspect of the disclosure is directed to a non-transitorycomputer readable medium for operating an email privacy filter 30 withina computing system 20 as described above. The non-transitory computerreadable medium has a plurality of computer executable instructions forcausing the email privacy filter 30 to determine if the email containssensitive information, and if the email contains sensitive information,then apply the email policy rules 62 to determine if the email is to behidden from view on the client computing device 50 so as to preventdisplay of the sensitive information to an unauthorized viewer.

Many modifications and other embodiments will come to the mind of oneskilled in the art having the benefit of the teachings presented in theforegoing descriptions and the associated drawings. Therefore, it isunderstood that the disclosure is not to be limited to the specificembodiments disclosed, and that modifications and embodiments areintended to be included within the scope of the appended claims.

That which is claimed:
 1. A client computing device comprising: adisplay; and a processor coupled to said display and configured toidentify sensitive information within an email, and in response toidentification of sensitive information within the email, determine thatthe email is to be hidden from view after receipt of the email based onone or more rules, so as to prevent presentation of the sensitiveinformation to an unauthorized viewer via the display.
 2. The clientcomputing device according to claim 1 wherein said processor identifiesthe sensitive information within the email by comparing contents of theemail to a sensitive word database, and the email is determined tocontain sensitive information in response to the email containing atleast one of the sensitive words in the sensitive word database.
 3. Theclient computing device according to claim 1 wherein said processoridentifies the sensitive information within the email in response to theemail including a sensitivity tag.
 4. The client computing deviceaccording to claim 1 wherein said processor receives a location of theclient computing device, and wherein the one or more rules are appliedbased on the location of the client computing device.
 5. The clientcomputing device according to claim 1 wherein said processor receivescalendar information of scheduled meetings for a user of the clientcomputing device, and wherein the one or more rules are applied based onthe scheduled meetings.
 6. The client computing device according toclaim 1 wherein said processor is further configured to generate anotification message for display indicating that the received emailhaving sensitive information is hidden from view.
 7. The clientcomputing device according to claim 6 further comprising an input devicecoupled to said processor, and wherein said processor is furtherconfigured to display the hidden email having sensitive informationbased on an authorization code entered via said input device.
 8. Theclient computing device according to claim 6 further comprising a cameracoupled to said processor, and wherein said processor is furtherconfigured to execute facial recognition software and to display thehidden email having sensitive information based on facial recognition ofan authorized user of the client computing device.
 9. The clientcomputing device according to claim 6 further comprising a microphonecoupled to said processor, and wherein said processor is furtherconfigured to execute voice recognition software and to display thehidden email having sensitive information based on voice recognition ofan authorized user of the client computing device.
 10. A methodcomprising: identifying sensitive information within an email; and inresponse to identification of sensitive information within the email,determine that the email is to be hidden from view on a client computingdevice after receipt of the email based on one or more rules, so as toprevent display of the sensitive information to an unauthorized viewer.11. The method according to claim 10 wherein the sensitive informationis identified within the email by comparing contents of the email to asensitive word database, and the email is determined to containsensitive information in response to the email containing at least oneof the sensitive words in the sensitive word database.
 12. The methodaccording to claim 10 wherein the sensitive information within the emailis identified in response to the email including a sensitivity tag. 13.The method according to claim 10 further comprising receiving a locationof the client computing device, and wherein the one or more rules areapplied based on the location of the client computing device.
 14. Themethod according to claim 10 further comprising receiving calendarinformation of scheduled meetings for a user of the client computingdevice, and wherein the one or more rules are applied based on thescheduled meetings.
 15. The method according to claim 10 furthercomprising generating a notification message for display indicating thatthe received email having sensitive information is hidden from view. 16.The method according to claim 10 wherein the client computing devicecomprises an input device, and further comprising displaying the hiddenemail having sensitive information based on an authorization codeentered via the input device.
 17. The method according to claim 16wherein the client computing device comprises a camera, and furthercomprising executing facial recognition software and to display thehidden email having sensitive information based on facial recognition ofan authorized user of the client computing device.
 18. The methodaccording to claim 16 wherein the client computing device comprises amicrophone, and further comprising executing voice recognition softwareand to display the hidden email having sensitive information based onvoice recognition of an authorized user of the client computing device.19. A computing system comprising: a server comprising rules to beapplied to emails containing sensitive information; and a clientcomputing device configured to receive the rules from said server, andto perform the following: identify sensitive information within areceived email, and in response to identification of sensitiveinformation within the email, determine that the email is to be hiddenfrom view after receipt of the email based on the rules, so as toprevent display of the sensitive information to an unauthorized viewer.20. The computing system according to claim 19 wherein said clientcomputing device is further configured to generate a notificationmessage for display indicating that the received email having sensitiveinformation is hidden from view.